Presentation is loading. Please wait.

Presentation is loading. Please wait.

International Telecommunication Union Workshop on Standardization in E-health Geneva, 23-25 May 2003 Security needs in telemedicine Philippe Feuerstein,

Published byDestiny McDonald Modified over 10 years ago

Similar presentations

Presentation on theme: "International Telecommunication Union Workshop on Standardization in E-health Geneva, 23-25 May 2003 Security needs in telemedicine Philippe Feuerstein,"— Presentation transcript:

1 International Telecommunication Union Workshop on Standardization in E-health Geneva, 23-25 May 2003 Security needs in telemedicine Philippe Feuerstein, MD Centre Hospitalier de Mulhouse, France feuersteinp@ch-mulhouse.fr

2 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Introduction o New technologies widely improve the ability to electronically record, store, transfer and share medical data o Sharing data by telemedicine is fast and cheap (at least, compared to classical methods) o More and more participants are involved in this electronic data flow

3 ITU-T 23-25 May 2003 Workshop on Standardization in E-health E-health channels o Physician/Physician o Physician/Healthcare professionals o Physician/Patient o Physician/Government agencies o Physician/Public health o Physician/Law enforcement o Physician/Insurance companies o Physician/Registry office

4 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Standardization o When talking about standardization, hardware and software are taken into account o Never underestimate the need of standardizing manware: if the different actors dont have similar goals or expectations, nothing will have satisfactory results and security flaws will arise

5 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Why security needs? (1) o E-health must: assure physical and logical data protection preserve the use of data from obsolete technologies with a safe way to migrate from analog to numeric data conform to legal and ethical rules: privacy, consent…

6 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Why security needs? (2) o E-health must: protect health professionals whenever a medical case turns to a legal case deal with the presence of third party: transfer operator, storage operator protect copyright

7 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Hardware Security o Usual safety measures: Hardware protection Data backup …

8 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Confidentiality (1) o Keeping secure and secret information concerning an individual, guaranteeing his right to privacy o Patient information is confidential and should not be disclosed without consent unless justified for lawful purposes

9 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Confidentiality (2) o Insurance companies obtaining medical information on policyholders could misuse it to deny coverage or claims o Potential employers obtaining health information on current or potential employees could misuse it to fire or not employ a person o Politician obtaining health information on opponents could misuse it for unfair attacks

10 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Confidentiality (3) o For most health professionals, confidentiality is an ethical duty o In most countries, confidentiality is a legal obligation, but demanded level is variable: Data Protection Act European Data Protection Directive 95/46 Health Insurance Portability and Accountability Act

11 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Confidentiality (4) o Confidentiality can be obtained by use of cryptographic services o In many countries, legal restrictions apply to cryptography materials o Standardization challenge: to find a common algorithm, strong enough to be safe but law compliant in most if all countries

12 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Authentication (1) o For most documents, authenticity is bound to the presence of an authorized handwritten signature o Even photocopies are worth nothing o To find an equivalent of handwritten signature for a digital document is a difficult problem

13 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Authentication (2) o It is necessary to find a system, dealing with digital document, having these capabilities: The receiver can verify that the issuer is really who he claims to be The issuer cannot subsequently refute the document The receiver, or any third party, cannot have made himself the document A date stamp of the document creation is recorded

14 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Authentication (3) o Asymmetric public-key infrastructure (PKI) cryptography fulfills the needs o Unfortunately, no PKI standard is universally recognized o In more and more countries, the validity of digital signature is legally recognized if the system used meets defined criteria (e.g.: Electronic Signatures and Records Act)

15 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Integrity (1) o During transfer or storage, data should not be modified voluntarily or accidentally o Modification of conventional data are generally pretty obvious: erasing words in a letter, scratch on a plain film o Situation is different with numerical data

16 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Integrity (2) o Real kidney stone or graphical trick?

17 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Integrity (3) o Same document with 10% random noise

18 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Integrity (4) o Integrity can be compared to sending a postcard on which a plastic cover has been applied: everybody can read it, but nobody can modify it without leaving a visible mark o Integrity of both data ( misc. recording, imaging) and medical report is needed; ideally, they should be attached and inseparable

19 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Availability o Data must be accessible and usable upon demand by an authorised user, with an acceptable waiting time o The time used include the whole cycle: Data retrieving Signature, encryption Transfer Decryption, integrity check

20 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Auditability o In the health multi-user environment, an authorized person may also access to information in situation when he is not concerned o When transmitting, it is necessary to have a proof that sending, receiving and using data effectively occurred o Timed chronology has also to be known

21 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Anonymity o Easily sharing data via telemedicine enable large scale multicentric studies o Individual patient data are used for common benefit; privacy must be preserved and data anonymization is a basic rule o A unique identifier is necessary but no standard exists on how to anonymize data

22 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Copyright protection o For educational or informational purpose, more and more data are available online o It is often forgotten that something available online should not be systematically freely used by anyone o Watermarking of document is a possible solution against « cyberplagiarism »

23 ITU-T 23-25 May 2003 Workshop on Standardization in E-health The ultimate security ? o New technologies should be better than old ones o In term of security, we wish a data auto destruction mechanism in case of attempt of: alteration (voluntary or accidentally) theft disclosure or any improper use

24 ITU-T 23-25 May 2003 Workshop on Standardization in E-health Conclusion o Security issues are numerous and of primordial importance in telemedicine o Circumventing them is one of the key point for the success of telemedicine o Most of these issues can be addressed by cryptographic services and use of PKI o Lack of standardization is a major drawback

25 International Telecommunication Union Workshop on Standardization in E-health Geneva, 23-25 May 2003 Thank you for your attention!

Download ppt "International Telecommunication Union Workshop on Standardization in E-health Geneva, 23-25 May 2003 Security needs in telemedicine Philippe Feuerstein,"

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
ONLINE PRIVACY & DATA PROTECTION VERINE ETSEBETH.

ONLINE PRIVACY & DATA PROTECTION VERINE ETSEBETH.
HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.

HIPAA Security Standards Emmanuelle Mirsakov USC School of Pharmacy.
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
FERPA: Family Educational Rights and Privacy Act.

FERPA: Family Educational Rights and Privacy Act.
Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.

Information security An introduction to Technology and law with focus on e-signature, encryption and third party service Yue Liu Feb.2008.
6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC513-01 Instructor:Professor Anvari Student ID:106845 Name:Xin Wen Date:11/25/00.

6/1/20151 Digital Signature and Public Key Infrastructure Course:COSC Instructor:Professor Anvari Student ID: Name:Xin Wen Date:11/25/00.
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.

Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Cryptographic Technologies

Cryptographic Technologies
Applied Cryptography for Network Security

Applied Cryptography for Network Security
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
© Julia Wilk (FHÖV NRW) 1 Digital Signatures. © Julia Wilk (FHÖV NRW)2 Structure 1. Introduction 2. Basics 3. Elements of digital signatures 4. Realisation.

© Julia Wilk (FHÖV NRW) 1 Digital Signatures. © Julia Wilk (FHÖV NRW)2 Structure 1. Introduction 2. Basics 3. Elements of digital signatures 4. Realisation.
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

Similar presentations

Ads by Google